34017ba6a3ea381ae89c6730926873b4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34017ba6a3ea381ae89c6730926873b4_JaffaCakes118
Size

452KB
MD5

34017ba6a3ea381ae89c6730926873b4
SHA1

2054383e1f4dd1ae020dce5413b5e276f4ff1bbe
SHA256

f6c5f13914e10ae87c3518f3d2d477f3540d4d5761a0855fbef569fe26166e1a
SHA512

6debc1e86de1efa2e281665f2ffb597ff6c04d35dc99fdfa560f37cf2dbcf13b9965b71002422d0a59fe580102e75be544a7c8c909121e0c4532b55c88653c6d
SSDEEP

12288:OYZxOyuro01gRZQn7jDu0ysYJHMT2wiYzT4a6ffX:/Gls7QXDu05T2wLfWP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34017ba6a3ea381ae89c6730926873b4_JaffaCakes118

Files

34017ba6a3ea381ae89c6730926873b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bcadbc83088c0815e75f8df53800e2f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

PrintDlgA
ChooseColorA
GetSaveFileNameW
GetFileTitleA

shell32

DragFinish
SHInvokePrinterCommandW
ExtractAssociatedIconExA
RealShellExecuteExA

advapi32

LookupAccountNameW
CryptDuplicateHash
CryptEnumProviderTypesA
RegSaveKeyW
ReportEventA
RegCreateKeyA
RegCreateKeyExA
CryptDestroyHash
CreateServiceW
RegEnumValueW
RegQueryMultipleValuesW
LookupSecurityDescriptorPartsA
RegSaveKeyA

user32

SetUserObjectSecurity
SetMenu
SetLastErrorEx
GetMessageA
ChangeDisplaySettingsExW
InflateRect
DdeConnect
SetPropA
SetMenuContextHelpId
EndDialog
ShowWindowAsync
MessageBoxIndirectW
SetScrollRange
SetProcessWindowStation
GetMenuInfo
DispatchMessageW
MessageBoxExW
MonitorFromWindow
GetWindowInfo
InternalGetWindowText
CharNextExA
EndMenu
PackDDElParam
GetNextDlgGroupItem
SetParent

kernel32

GetEnvironmentStringsW
HeapCreate
VirtualFree
InterlockedIncrement
Sleep
HeapDestroy
RtlUnwind
GetModuleHandleA
DeleteCriticalSection
HeapReAlloc
WriteFile
UnhandledExceptionFilter
WideCharToMultiByte
TlsGetValue
SetLastError
GetModuleFileNameA
GetCPInfo
InterlockedDecrement
LCMapStringW
EnumSystemLocalesA
GetCurrentThread
GetProcAddress
TerminateProcess
GetUserDefaultLCID
GetTimeZoneInformation
HeapAlloc
GetLocaleInfoA
VirtualAlloc
FreeEnvironmentStringsA
HeapFree
TlsSetValue
GetFileType
CompareStringA
TlsFree
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetLastError
GetTickCount
GetEnvironmentStrings
IsDebuggerPresent
GetACP
LCMapStringA
InterlockedExchange
LeaveCriticalSection
SetVolumeLabelA
ContinueDebugEvent
ExitProcess
GetLocaleInfoW
LoadLibraryA
GetStringTypeW
QueryPerformanceCounter
GetCurrentThreadId
FreeEnvironmentStringsW
GetTimeFormatA
VirtualQuery
IsValidCodePage
GetCommandLineA
MultiByteToWideChar
GetDateFormatA
GetStartupInfoA
CompareStringW
EnterCriticalSection
IsValidLocale
FreeLibrary
SetEnvironmentVariableA
GetVersionExA
GetOEMCP
GetCurrentProcess
GetProcessHeap
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapSize
SetHandleCount
GetStdHandle
InitializeCriticalSection
TlsAlloc

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcadbc83088c0815e75f8df53800e2f3

Headers

File Characteristics

Imports

comdlg32

shell32

advapi32

user32

kernel32

Sections

.text Size: 157KB - Virtual size: 156KB

.rdata Size: 9KB - Virtual size: 34KB

.data Size: 281KB - Virtual size: 280KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 9KB - Virtual size: 34KB

.data
Size: 281KB - Virtual size: 280KB

.rsrc
Size: 4KB - Virtual size: 3KB